Created attachment 1071 [details] Screenshot showing the JavaScript crash in Microsoft Edge Users might disable cookies in their browser. Doing so will cause Web Access to crash during login, showing a scary JavaScript error. These settings are presented in different ways in different browsers: * In Chrome the setting is called "Block all cookies (not recommended)" under "Cookies and other site data". It's disabled by default. * In Firefox the setting is under "Enhanced Tracking Protection" when choosing "Custom". The issue only appears when "All Cookies (will cause websites to break)" is selected. It's default value is "Cross-site tracking cookies, and isolate other cross-site cookies". * In Edge the setting is called "Allow sites to save and read cookie data (recommended)". It's enabled by default. * In Safari on iPadOS 16.1, the setting is called "Block All Cookies", it's found under "Privacy & Security". It's disabled by default. In Edge & Chrome the error says: > ThinLinc Web Access encountered an error: > > Failed to read the 'localStorage' property from 'Window': Access is denied for this document. > > Error: Failed to read the 'localStorage' property from 'Window': Access is denied for this document. > at Module.readSetting (https://samuel.lkpg.cendio.se:300/app/webutil.js:159:9) > at Object.start (https://samuel.lkpg.cendio.se:300/app/ui.js:95:21) > at https://samuel.lkpg.cendio.se:300/app/ui.js:49:27 In Firefox the error says: > ThinLinc Web Access encountered an error: > > The operation is insecure. > > https://samuel.lkpg.cendio.se:300/app/webutil.js > > readSetting@https://samuel.lkpg.cendio.se:300/app/webutil.js:159:9 > start@https://samuel.lkpg.cendio.se:300/app/ui.js:95:21 > prime/<@https://samuel.lkpg.cendio.se:300/app/ui.js:49:27 In Safari the error says: > ThinLinc Web Access encountered an error: > > The operation is insecure. > > readSetting@https://samuel.lkpg.cendio.se:300/app/webutil.js:159:29 > start@https://samuel.lkpg.cendio.se:300/app/ui.js:95:32 > promiseReactionJob@[native code]
Upstream noVNC report: https://github.com/novnc/noVNC/issues/1577
Created attachment 1072 [details] Screenshot showing the JavaScript crash in Safari
The issue stems from the fact that disabling "cookies" in the browsers will also disable the JavaScript feature called "localStorage". Our code isn't written in a way that handles localStorage being blocked like this, thus the crash. In practice, we don't NEED localStorage, it's only used for user preferences. We could easily fall back on the default values here. However, it's worth noting bug 8015 here, until that one is fixed it's impossible to use Web Access with cookies disabled. This leads to the conclusion that the best way forward here is to present a better error message to the user.
Google's services like calendar.google.com and gmail.com don't work with cookies disabled. The error shown by Google is: > Cookies are disabled > > Your browser has cookies disabled. Make sure your cookies are enabled and try again. Learn more